ssl-bozo.c revision 1.3.4.1
1 1.3.4.1 wrstuden /* $NetBSD: ssl-bozo.c,v 1.3.4.1 2008/06/23 04:29:56 wrstuden Exp $ */ 2 1.2 tls 3 1.3 mrg /* $eterna: ssl-bozo.c,v 1.7 2008/03/03 03:36:12 mrg Exp $ */ 4 1.1 tls 5 1.1 tls /* 6 1.3 mrg * Copyright (c) 1997-2008 Matthew R. Green 7 1.1 tls * All rights reserved. 8 1.1 tls * 9 1.1 tls * Redistribution and use in source and binary forms, with or without 10 1.1 tls * modification, are permitted provided that the following conditions 11 1.1 tls * are met: 12 1.1 tls * 1. Redistributions of source code must retain the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer. 14 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 15 1.1 tls * notice, this list of conditions and the following disclaimer and 16 1.1 tls * dedication in the documentation and/or other materials provided 17 1.1 tls * with the distribution. 18 1.1 tls * 3. The name of the author may not be used to endorse or promote products 19 1.1 tls * derived from this software without specific prior written permission. 20 1.1 tls * 21 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 1.1 tls * SUCH DAMAGE. 32 1.1 tls * 33 1.1 tls */ 34 1.1 tls 35 1.1 tls /* this code implements SSL for bozohttpd */ 36 1.1 tls 37 1.1 tls #ifndef NO_SSL_SUPPORT 38 1.1 tls 39 1.1 tls #include <unistd.h> 40 1.1 tls 41 1.1 tls #include <openssl/ssl.h> 42 1.1 tls #include <openssl/err.h> 43 1.1 tls 44 1.1 tls #include "bozohttpd.h" 45 1.1 tls 46 1.1 tls static SSL_CTX *ssl_context; 47 1.3.4.1 wrstuden static const SSL_METHOD *ssl_method; 48 1.1 tls static SSL *bozossl; 49 1.1 tls static char *certificate_file; 50 1.1 tls static char *privatekey_file; 51 1.1 tls 52 1.1 tls static int ssl_printf(const char *, ...); 53 1.1 tls static ssize_t ssl_read(int, void *, size_t); 54 1.1 tls static ssize_t ssl_write(int, const void *, size_t); 55 1.1 tls static int ssl_flush(FILE *); 56 1.1 tls 57 1.1 tls void 58 1.1 tls ssl_init(void) 59 1.1 tls { 60 1.1 tls if (!certificate_file) 61 1.1 tls return; 62 1.1 tls SSL_library_init(); 63 1.1 tls SSL_load_error_strings(); 64 1.1 tls 65 1.1 tls ssl_method = SSLv23_server_method(); 66 1.1 tls ssl_context = SSL_CTX_new(ssl_method); 67 1.1 tls 68 1.1 tls /* XXX we need to learn how to check the SSL stack for more info */ 69 1.1 tls if (ssl_context == NULL) 70 1.1 tls error(1, "SSL context initialization failed."); 71 1.1 tls 72 1.1 tls SSL_CTX_use_certificate_file(ssl_context, certificate_file, 73 1.1 tls SSL_FILETYPE_PEM); 74 1.1 tls SSL_CTX_use_PrivateKey_file(ssl_context, privatekey_file, 75 1.1 tls SSL_FILETYPE_PEM); 76 1.1 tls 77 1.1 tls /* check consistency of key vs certificate */ 78 1.1 tls if (!SSL_CTX_check_private_key(ssl_context)) 79 1.1 tls error(1, "check private key failed"); 80 1.1 tls } 81 1.1 tls 82 1.1 tls void 83 1.1 tls ssl_accept() 84 1.1 tls { 85 1.1 tls if (ssl_context) { 86 1.1 tls bozossl = SSL_new(ssl_context); /* XXX global sucks */ 87 1.1 tls SSL_set_rfd(bozossl, 0); 88 1.1 tls SSL_set_wfd(bozossl, 1); 89 1.1 tls SSL_accept(bozossl); 90 1.1 tls } 91 1.1 tls } 92 1.1 tls 93 1.1 tls void 94 1.1 tls ssl_destroy() 95 1.1 tls { 96 1.1 tls if (bozossl) 97 1.1 tls SSL_free(bozossl); 98 1.1 tls } 99 1.1 tls 100 1.1 tls void 101 1.1 tls ssl_set_opts(char *cert, char *priv) 102 1.1 tls { 103 1.1 tls certificate_file = cert; 104 1.1 tls privatekey_file = priv; 105 1.1 tls debug((DEBUG_NORMAL, "using cert/priv files: %s & %s", certificate_file, 106 1.1 tls privatekey_file)); 107 1.1 tls if (Iflag_set == 0) 108 1.1 tls Iflag = "https"; 109 1.1 tls bozoprintf = ssl_printf; 110 1.1 tls bozoread = ssl_read; 111 1.1 tls bozowrite = ssl_write; 112 1.1 tls bozoflush = ssl_flush; 113 1.1 tls } 114 1.1 tls 115 1.1 tls static int 116 1.1 tls ssl_printf(const char * fmt, ...) 117 1.1 tls { 118 1.1 tls int nbytes; 119 1.1 tls char *buf; 120 1.1 tls va_list ap; 121 1.1 tls 122 1.1 tls /* XXX we need more elegant/proper handling of SSL_write return */ 123 1.1 tls va_start(ap, fmt); 124 1.1 tls if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) 125 1.1 tls SSL_write(bozossl, buf, nbytes); 126 1.1 tls va_end(ap); 127 1.1 tls 128 1.1 tls return nbytes; 129 1.1 tls } 130 1.1 tls 131 1.1 tls static ssize_t 132 1.1 tls ssl_read(int fd, void *buf, size_t nbytes) 133 1.1 tls { 134 1.1 tls ssize_t rbytes; 135 1.1 tls 136 1.1 tls /* XXX we need elegant/proper handling of SSL_read return */ 137 1.1 tls rbytes = (ssize_t)SSL_read(bozossl, buf, nbytes); 138 1.1 tls if (1 > rbytes) { 139 1.1 tls if (SSL_get_error(bozossl, rbytes) == SSL_ERROR_WANT_READ) 140 1.1 tls warning("SSL_ERROR_WANT_READ"); 141 1.1 tls else 142 1.1 tls warning("SSL_ERROR OTHER"); 143 1.1 tls } 144 1.1 tls 145 1.1 tls return rbytes; 146 1.1 tls } 147 1.1 tls 148 1.1 tls static ssize_t 149 1.1 tls ssl_write(int fd, const void *buf, size_t nbytes) 150 1.1 tls { 151 1.1 tls ssize_t wbytes; 152 1.1 tls 153 1.1 tls /* XXX we need elegant/proper handling of SSL_write return */ 154 1.1 tls wbytes = (ssize_t)SSL_write(bozossl, buf, nbytes); 155 1.1 tls 156 1.1 tls return wbytes; 157 1.1 tls } 158 1.1 tls 159 1.1 tls static int 160 1.1 tls ssl_flush(FILE *fp) 161 1.1 tls { 162 1.1 tls /* nothing to see here, move right along */ 163 1.1 tls return 0; 164 1.1 tls } 165 1.1 tls #endif /* NO_SSL_SUPPORT */ 166
Indexes created Fri Oct 03 02:09:57 GMT 2025